diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2022-01-20 20:06:23 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2022-01-20 20:06:26 +0300 |
| commit | 53961c2d8a97d0f9e5a90c17ca48380657e79c3e (patch) | |
| tree | 0f30b66a917f31dfd698059e03d254464b48c564 /meta-security/recipes-security/sssd | |
| parent | cbf46010eab661117b0225bdb30fcf565c1d8b3c (diff) | |
| download | openbmc-53961c2d8a97d0f9e5a90c17ca48380657e79c3e.tar.xz | |
meta-security: subtree update:a85fbe980e..c20b35b527
Anton Antonov (1):
Parsec service. Update PACKAGECONFIG definitions and README.md
Armin Kuster (20):
python3-fail2ban: fix build failure and cleanup
meta-parsec/README: remove rust layer req.
opendnssec: blacklist do to ldns being blacklisted
apparmor: Add a python 3.10 compatability patch
tpm2-tools: update to 5.2
openssl-tpm-engine: fix build issue with openssl 3
tpm2-openssl: add new pkg
tpm2-pkcs11: update to 1.7.0
recipes: Update SRC_URI branch and protocols
sssd: Create /var/log/sssd in runtime
bastille: Create /var/log/Bastille in runtime
python3-fail2ban: remove /run
tpm2-pkcs11: update to 1.7.0
libest: does not build with openssl 3.x
clamav: fix useradd warning
python3-fail2ban: update to tip
tpm2-pkcs11: backport openssl 3.x build fixes
packagegroup-security-tpm2: drop ibmswtpm2
meta-integrity: drop strongswan bbappends
meta-tpm: drop strongswan bbappends
Kai Kang (2):
sssd: re-package to fix QA issues
apparmor: fix warning of remove operator combined with +=
Kristian Klausen (2):
swtpm: update to 0.6.1
dm-verity-img.bbclass: Fix wrong override syntax for CONVERSION_DEPENDS
Liwei Song (1):
recipes-security/chipsec: platform security assessment framework
Stefan Mueller-Klieser (1):
tpm2-tss: fix fapi package config
Yi Zhao (2):
openssl-tpm-engine: fix warning for append operator combined with +=
meta-parsec/README.md: fix for append operator combined with +=
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I2156e47cf3f4f45daa2b60a73e3b46be3b6a86c0
Diffstat (limited to 'meta-security/recipes-security/sssd')
| -rw-r--r-- | meta-security/recipes-security/sssd/sssd_2.5.2.bb | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/meta-security/recipes-security/sssd/sssd_2.5.2.bb b/meta-security/recipes-security/sssd/sssd_2.5.2.bb index 76d6e03e9b..8bc8787b88 100644 --- a/meta-security/recipes-security/sssd/sssd_2.5.2.bb +++ b/meta-security/recipes-security/sssd/sssd_2.5.2.bb @@ -86,13 +86,23 @@ do_install () { rmdir --ignore-fail-on-non-empty "${D}/${bindir}" install -d ${D}/${sysconfdir}/${BPN} install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN} - install -D -m 644 ${WORKDIR}/volatiles.99_sssd ${D}/${sysconfdir}/default/volatiles/99_sssd + + # /var/log/sssd needs to be created in runtime. Use rmdir to catch if + # upstream stops creating /var/log/sssd, or adds something else in + # /var/log. + rmdir ${D}${localstatedir}/log/${BPN} ${D}${localstatedir}/log + rmdir --ignore-fail-on-non-empty ${D}${localstatedir} if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/tmpfiles.d echo "d /var/log/sssd 0750 - - - -" > ${D}${sysconfdir}/tmpfiles.d/sss.conf fi + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then + install -d ${D}${sysconfdir}/default/volatiles + echo "d ${SSSD_UID}:${SSSD_GID} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN} + fi + # Remove /run as it is created on startup rm -rf ${D}/run @@ -106,6 +116,8 @@ fi chown ${SSSD_UID}:${SSSD_GID} ${sysconfdir}/${BPN}/${BPN}.conf } +FILES:${PN} += "${nonarch_libdir}/tmpfiles.d" + CONFFILES:${PN} = "${sysconfdir}/${BPN}/${BPN}.conf" INITSCRIPT_NAME = "sssd" @@ -125,10 +137,14 @@ SYSTEMD_SERVICE:${PN} = " \ " SYSTEMD_AUTO_ENABLE = "disable" -FILES:${PN} += "${libdir} ${datadir} ${base_libdir}/security/pam_sss*.so" -FILES:${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" +PACKAGES =+ "libsss-sudo" +ALLOW_EMPTY:libsss-sudo = "1" -# The package contains symlinks that trip up insane -INSANE_SKIP:${PN} = "dev-so" +FILES:${PN} += "${base_libdir}/security/pam_sss*.so \ + ${datadir}/dbus-1/system-services/*.service \ + ${libdir}/krb5/* \ + ${libdir}/ldb/* \ + " +FILES:libsss-sudo = "${libdir}/libsss_sudo.so" -RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam" +RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam libsss-sudo" |